FBI briefed on alternate Sony hack theory

Uploaded on 2015-01-08 in GOVERNMENT-Law Enforcement, GOVERNMENT-Defence

FBI agents who are investigating the Sony Pictures hack were briefed recently by a security firm that says its research on the attacks points to laid-off Sony staff and not to North Korea, as the perpetrator.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Hackers who targeted Sony Pictures over the release of the film The Interview “got sloppy” and inadvertently revealed their links to North Korea, according to the director of the FBI.

James ComeyPicture: James Comey, the director of the Federal Bureau of Investigation

Speaking at the International Conference on Cyber Security James Comey said hackers had mistakenly sent messages that could be traced to IP addresses used exclusively by North Korea.

Comey said the North Korean origins of the cyber attack were evident despite the use of proxy servers in other countries to throw investigators off their trail.

"It was a mistake by them," he said. "It made it very clear who was doing this."

The US federal investigations chief added that he had a “very high confidence” that the attack was carried out by North Korea, “as does the entire intelligence community”.

However researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.
The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.

“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Kurt Stammberger said in an interview as his company briefed FBI investigators Monday afternoon.

He said the briefing was set up after his company approached the agency with its findings.
Stammberger said after the meeting the FBI was “very open and grateful for our data and assistance” but didn’t share any of its data with Norse, although that was what the company expected.

The FBI afterwards said that it is standing behind its assessment, adding that evidence doesn’t support any other explanations.

“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the US intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

In addition to Norse’s analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean.
The official said law enforcement is still treating the incident as an “active criminal investigation” but that that may or may not lead to a prosecution built on evidence that goes beyond a reasonable doubt.

And recently US Director of National Intelligence James Clapper has said at a cybersecurity conference that he suspects his North Korean counterpart to be behind the hack of Sony Pictures. The Daily Beast reports that Clapper said during his talk at the International Conference on Cybersecurity that General Kim Youn Chol may have been behind the hack.

Clapper explained that if North Korea were behind the hack, then General Kim would have had to authorise the action. General Kim is a four-star general in charge of North Korea's Reconnaissance General Bureau, the organisation that Clapper claims is responsible for the Sony hack.

Sony’s chief exec Kazuo Hirai said he does not expect the November cyber attack on the company's film studio to have a significant financial impact on the entertainment conglomerate, two weeks after the studio rolled out the movie after the attack.

"We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas. "However, I do not see it as something that will cause a material upheaval on Sony Pictures business operations, basically, in terms of results for the current fiscal year."

The studio, Sony Pictures Entertainment, said separately that the film, "The Interview," has generated revenue of $36 million (23 million pounds).

http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory

http://uk.businessinsider.com/us-official-names-the-north-korean-general

http://world.einnews.com/article/243326473/qroI9QR0FlWGYhvP

http://uk.reuters.com/article/2015/01/06/uk-sony-cybersecurity

http://www.theregister.co.uk/2015/01/08/sony_megahack_financial_impact/

« ‘Anonymous’ Call For Revenge On Charlie Hebdo Terrorists
Dark Web thrives despite Operation Onymous »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

AGAT Software

AGAT Software

AGAT Software is an innovative security provider specializing in external access authentication and data protection solutions.

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

Attack Research

Attack Research

We go far beyond standard tools and scripted tests. Find out if your network or technology can stand real-world and dedicated attackers.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Riskonnect

Riskonnect

Riskonnect technology empowers organizations with the ability to anticipate, manage, and respond in real-time to strategic, operational, and digital risks across the extended enterprise.

BSS

BSS

BSS is a solutions and services business based in the UK with a focus on Cyber Security, Data, Financial Crime, Internal Audit, Change, Risk and Resilience.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

TraitWare

TraitWare

The TraitWare mission is to increase user and company security while simplifying access to digital and physical resources through the elimination of the need for usernames and passwords.